from what country this email ??

  • Thread starter Thread starter Goldenshuttle
  • Start date Start date
G

Goldenshuttle

Hi folks.
I heard about a software(s) that can show you the country, and even the
address of the person who sent a certain email, or chat...does anybody
have a clue ?

Many thanks
 
Goldenshuttle formulated on Sunday :
Hi folks.
I heard about a software(s) that can show you the country, and even the
address of the person who sent a certain email, or chat...does anybody
have a clue ?

Many thanks
Click to expand...


Goldenshuttle,

Normally you look at the posting header/e-mail header...

For example you have posted to newsgroups from the www, via google
Your ISP if not forged:
64.229.221.59 = name hse-mtl-ppp77584.qc.sympatico.ca

This newsgroup can be read directly via
alt.comp.anti-virus

I see sympatico discontinued Usenet access, but some service is
available to you via newshosting...
http://service.sympatico.ca/index.cfm?method=content.view&content_id=5485&category_id=280

Maybe other more experienced users of this newsgroup can help you here
with some free providers... And better information about tracing...
www.samspade.org/

JR the postman



Path:
border1.nntp.dca.giganews.com!nntp.giganews.com!nx02.iad01.newshosting.com!newshosting.com!news.glorb.com!postnews.google.com!i42g2000cwa.googlegroups.com!not-for-mail
From: "Goldenshuttle" <[email protected]>
Newsgroups: alt.comp.anti-virus
Subject: from what country this email ??
Date: 30 Jul 2006 21:21:07 -0700
Organization: http://groups.google.com
Lines: 7
Message-ID: <[email protected]>
NNTP-Posting-Host: 64.229.221.59
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1154319670 7396 127.0.0.1 (31 Jul 2006
04:21:10 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Mon, 31 Jul 2006 04:21:10 +0000 (UTC)
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1),gzip(gfe),gzip(gfe)
Complaints-To: (e-mail address removed)
Injection-Info: i42g2000cwa.googlegroups.com;
posting-host=64.229.221.59;
posting-account=-PZCtQ0AAAA6BLMJH26vWoWBASmZZ733
Xref: number1.nntp.dca.giganews.com alt.comp.anti-virus:106816
 
For example you have posted to newsgroups from the www, via google
Your ISP if not forged:
64.229.221.59 = name hse-mtl-ppp77584.qc.sympatico.ca
Click to expand...

Not only this, with entering said IP number into

http://www.geobytes.com/IpLocator.htm?GetLocation

I can see that you are living near Ontario (if the site ain't wrong,
of course, in *my* case, it misses me by several cities, as they are
virtually packed in Germany, and locates me in Hessia, instead of
northern Baden-Wuerttemberg)


Gabriele Neukam

(e-mail address removed)
 
Gabriele said:
Not only this, with entering said IP number into

http://www.geobytes.com/IpLocator.htm?GetLocation

I can see that you are living near Ontario (if the site ain't wrong,
of course, in *my* case, it misses me by several cities, as they are
virtually packed in Germany, and locates me in Hessia, instead of
northern Baden-Wuerttemberg)


Gabriele Neukam

(e-mail address removed)
Click to expand...

<lol> Going there puts me in London, England when I live in South West
Wales, it did get the country right, UK <g>
Joan
 
<lol> Going there puts me in London, England when I live in South West
Wales, it did get the country right, UK <g>
Joan
Click to expand...
Puts me in Preston, a good 60 miles away, and nothing starting 130.88 is there, it's
all here in Manc.
 
I can see that you are living near Ontario (if the site ain't wrong,
of course, in *my* case, it misses me by several cities, as they are
virtually packed in Germany, and locates me in Hessia, instead of
northern Baden-Wuerttemberg)
Click to expand...

Gabriele, your location rings genealogical bells in my mind. I've not
personally researched my Kopp lineage, but a second cousin once
did, and she sent me her information. I think she got as far back
as some Ferdinand Kopp in the middle 1700's. The first name
Ferdinand struck me as unusual for a German first name. Is it?

I had thought of the possibility of communicating some day with
a person living in that region who speaks both German and English.
If you have any interest in perhaps helping me out in doing a bit
more research and verification, please let me know.

Art Kopp
http://home.epix.net/~artnpeg
 
I think she got as far back
as some Ferdinand Kopp in the middle 1700's. The first name
Ferdinand struck me as unusual for a German first name. Is it?
Click to expand...

Not really. This name was mostly common in Austria, and Bavaria, too. I
can't tell whether it was typical for our region, too; as I am kind of a
"foreigner" here, with parents coming from Franconia and Berlin
(capital). As such, I am afraid, I can't do much more than use
Google, which will yield the same results that your friend would get.

There have been many Germans which went to northern America in the 19th
century, but it is hard to track the lineage back, even if you have
stayed here. My father once tried it, and finally hit a wall, when one
of the ancestors had the weird idea to call *all* his eight sons
"Johannes-something", which caused such a confusion in the church book
entries, that no one could them tell apart any more.


Gabriele Neukam

(e-mail address removed)
 
Guys forgive my limited knowledge...but how do I know the IP or a
webpage ? or and email, say and offensive email ??
I write some blogs that irritate some hardliners, so some sent me
swears and curses....how do I know the IP ?

One more question, can we in this case locate those crazy people
chopping civilian heads and videotaping them ? this should enable law
people to catch them and put them away ? isn t it ? if yes, why are
they still posting such disgusting video s ???
 
but how do I know the IP or a
webpage ? or and email, say and offensive email ??
Click to expand...

The IP (look at the topmost, if it isn't set by your own ISP) is stored
in the message header. If you are reading your mail with Outlook
(Express), hit Ctrl-3 to display this header. it might look like this
(excerpt from a PayPal spoof)

Return-Path: <[email protected]> (sic)

(this is easily set by the sender, so it isn't reliable)

Received: from mailin23.aul.t-online.de (mailin23.aul.t-online.de [172.20.27.75])
by mhead13 with LMTP; Fri, 04 Aug 2006 11:58:20 +0200
X-Sieve: CMU Sieve 2.2

(these two lines are set by my ISP, "CMU Sieve" is the spam and malware
filter)

Received: from 66.121.102.39 ([66.121.102.39]) by mailin23.sul.t-online.de
with smtp id 1G8wRT-0GCEbo0; Fri, 4 Aug 2006 11:58:07 +0200

(again set by my ISP, the number in square brackets is the authoritative
IP from which the TOL server received the message, and it cannot be
forged - else the communication would just *fail*)

Received: from 32.192.168.244 by ; Fri,
04 Aug 2006 08:06:44 -0300

(well, this isn't reliable, it could be an arbitrary addition set by the
spammer to hide his tracks. Each IP beyond the one recorded by your
ISP might be dubious)

Message-ID:
<[email protected]>

(hm. I had to send my complaint to SBC global. Are they related, or is
this fake? I'll keep to the IP number)

From: "PayPal Security Service" <[email protected]>
Reply-To: "PayPal Security Service" <[email protected]>

(both lines are completely faked. They are easily set in any given mail
program. There are ISPs, who replace the lines with their own records,
as mine does, but not every provider does)

To: (e-mail address removed)
Subject: Restore Your Account Access (Routing Code:
C840-L1581-Q120-1937)
Date: Fri, 04 Aug 2006 12:59:44 +0200
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

(this is just as easily faked. Don't trust X-lines, if they aren't set
by your ISP, like those TOI-something below)

MIME-Version: 1.0
X-Priority: 1
X-MSMail-Priority: High
X-TOI-SPAM: u;0;2006-08-04T09:58:20Z
X-TOI-VIRUSSCAN: unchecked
X-TOI-MSGID: 39e75c03-c314-444c-8868-7fb1325228e3

(ah, my provider set a specific message ID. This one might be way more
valid than the "Verizon" one)

X-Seen: false
X-ENVELOPE-TO: <[email protected]>
Content-Type: multipart/alternative; boundary="--9657211701631420693"

One more question, can we in this case locate those crazy people
chopping civilian heads and videotaping them ? this should enable law
people to catch them and put them away ? isn t it ? if yes, why are
they still posting such disgusting video s ???
Click to expand...

There is still the possibility of using proxies, which won't tell from
where they received the message they are told to send, and even
cascading them. Read about the JAP project.

http://anon.inf.tu-dresden.de/index_en.html


Gabriele Neukam

(e-mail address removed)
 
Back
Top